<?php
require_once('conn.php');

// Check login status
checkLogin("信息管理");

// Initialize all variables to avoid undefined warnings
$id = isset($_POST['id']) ? $_POST['id'] : '';
$product_name = isset($_POST['ProductName']) ? htmlspecialcharsFix($_POST['ProductName']) : '';
$product_img = isset($_POST['ProductImg']) ? htmlspecialcharsFix($_POST['ProductImg']) : '';
$unit = isset($_POST['unit']) ? htmlspecialcharsFix($_POST['unit']) : '';
$moq = isset($_POST['moq']) ? htmlspecialcharsFix($_POST['moq']) : '';
$category_id = isset($_POST['category_id']) ? intval($_POST['category_id']) : 0;
$nosale = isset($_POST['nosale']) ? $_POST['nosale'] : array();
$note = isset($_POST['note']) ? htmlspecialcharsFix($_POST['note']) : '';
$tips = isset($_POST['tips']) ? htmlspecialcharsFix($_POST['tips']) : '';
$keys = isset($_POST['keys']) ? $_POST['keys'] : '';
$page = isset($_POST['page']) ? $_POST['page'] : 1;

// Initialize specification variables
$spec_name = isset($_POST['spec_name']) ? $_POST['spec_name'] : array();
$spec_value = isset($_POST['spec_value']) ? $_POST['spec_value'] : array();
$spec_price = isset($_POST['spec_price']) ? $_POST['spec_price'] : array();
$spec_moq = isset($_POST['spec_moq']) ? $_POST['spec_moq'] : array();
$spec_code = isset($_POST['spec_code']) ? $_POST['spec_code'] : array();
$spec_sort = isset($_POST['spec_sort']) ? $_POST['spec_sort'] : array();
$spec_id = isset($_POST['spec_id']) ? $_POST['spec_id'] : array();

// Redirect URL
$redirect_url = "products.php?Keys=" . $keys . "&Page=" . $page;
if ($category_id) {
    $redirect_url .= "&category_id=" . $category_id;
}

// Determine if this is an edit or a new record
$is_edit = (!empty($id) && is_numeric($id));

// Process nosale array into comma-separated string
$nosale_str = '';
if (is_array($nosale) && !empty($nosale)) {
    $nosale_clean = array_map('intval', $nosale); // Ensure all values are integers
    $nosale_str = implode(',', $nosale_clean);
}

// Validate form data
if (empty($product_name)) {
    // You could add error handling here
    header("Location: " . $redirect_url);
    exit();
}

// Validate specifications - at least one specification is required with all fields filled
$has_valid_specs = false;
if (is_array($spec_name) && !empty($spec_name)) {
    foreach ($spec_name as $key => $name) {
        if (!empty($name) && isset($spec_price[$key]) && !empty($spec_price[$key]) && 
            isset($spec_moq[$key]) && !empty($spec_moq[$key])) {
            $has_valid_specs = true;
            break;
        }
    }
}

if (!$has_valid_specs) {
    // Redirect back with error message
    header("Location: " . $redirect_url . "&error=missing_specs");
    exit();
}

if ($is_edit) {
    // Update existing product
    $sql = "UPDATE products SET 
            ProductName = '" . mysqli_real_escape_string($conn, $product_name) . "',
            ProductImg = '" . mysqli_real_escape_string($conn, $product_img) . "',
            Addtime = NOW(),
            moq = '" . mysqli_real_escape_string($conn, $moq) . "',
            unit = '" . mysqli_real_escape_string($conn, $unit) . "',
            nosale = '" . $nosale_str . "',
            note = '" . mysqli_real_escape_string($conn, $note) . "',
            tips = '" . mysqli_real_escape_string($conn, $tips) . "',
            category_id = " . $category_id . "
            WHERE id = " . (int)$id;
    mysqli_query($conn, $sql);
    
    // Track which specification IDs we're keeping in this update
    $kept_spec_ids = array();
    
    // Process specifications
    if (is_array($spec_name) && !empty($spec_name)) {
        foreach ($spec_name as $key => $name) {
            if (!empty($name) && isset($spec_price[$key]) && !empty($spec_price[$key])) {
                $spec_price_value = isset($spec_price[$key]) && is_numeric($spec_price[$key]) ? (float)$spec_price[$key] : 0;
                $spec_moq_value = isset($spec_moq[$key]) && is_numeric($spec_moq[$key]) ? (int)$spec_moq[$key] : 1;
                $spec_code_value = isset($spec_code[$key]) ? mysqli_real_escape_string($conn, $spec_code[$key]) : '';
                $spec_sort_value = isset($spec_sort[$key]) && is_numeric($spec_sort[$key]) ? (int)$spec_sort[$key] : 0;
                $spec_value_value = isset($spec_value[$key]) ? mysqli_real_escape_string($conn, $spec_value[$key]) : '';
                $spec_id_value = isset($spec_id[$key]) && is_numeric($spec_id[$key]) ? (int)$spec_id[$key] : 0;
                
                if ($spec_id_value > 0) {
                    // Update existing specification
                    $sql = "UPDATE product_specifications SET 
                            spec_name = '" . mysqli_real_escape_string($conn, $name) . "', 
                            spec_value = '" . $spec_value_value . "', 
                            price = " . $spec_price_value . ", 
                            min_order_quantity = " . $spec_moq_value . ", 
                            spec_code = '" . $spec_code_value . "', 
                            sort_order = " . $spec_sort_value . "
                            WHERE id = " . $spec_id_value . " AND product_id = " . (int)$id;
                    mysqli_query($conn, $sql);
                    
                    // Add to kept IDs list
                    $kept_spec_ids[] = $spec_id_value;
                } else {
                    // Insert new specification
                    $sql = "INSERT INTO product_specifications 
                            (product_id, spec_name, spec_value, price, min_order_quantity, spec_code, addtime, sort_order) 
                            VALUES (
                                " . (int)$id . ", 
                                '" . mysqli_real_escape_string($conn, $name) . "', 
                                '" . $spec_value_value . "', 
                                " . $spec_price_value . ", 
                                " . $spec_moq_value . ", 
                                '" . $spec_code_value . "', 
                                NOW(), 
                                " . $spec_sort_value . "
                            )";
                    mysqli_query($conn, $sql);
                    
                    // Add newly inserted ID to kept list
                    $kept_spec_ids[] = mysqli_insert_id($conn);
                }
            }
        }
    }
    
    // Delete specifications that were removed in the form
    if (!empty($kept_spec_ids)) {
        $delete_sql = "DELETE FROM product_specifications WHERE product_id = " . (int)$id;
        if (count($kept_spec_ids) > 0) {
            $delete_sql .= " AND id NOT IN (" . implode(',', $kept_spec_ids) . ")";
        }
        mysqli_query($conn, $delete_sql);
    } else {
        // If no specifications are kept, delete all specifications for this product
        mysqli_query($conn, "DELETE FROM product_specifications WHERE product_id = " . (int)$id);
    }
} else {
    // Insert new product
    $sql = "INSERT INTO products (ProductName, ProductImg, Addtime, moq, unit, nosale, note, tips, category_id) 
            VALUES (
                '" . mysqli_real_escape_string($conn, $product_name) . "',
                '" . mysqli_real_escape_string($conn, $product_img) . "',
                NOW(),
                '" . mysqli_real_escape_string($conn, $moq) . "',
                '" . mysqli_real_escape_string($conn, $unit) . "',
                '" . $nosale_str . "',
                '" . mysqli_real_escape_string($conn, $note) . "',
                '" . mysqli_real_escape_string($conn, $tips) . "',
                " . $category_id . "
            )";
    mysqli_query($conn, $sql);
    $id = mysqli_insert_id($conn);
    
    // Add specifications for new product
    if (is_array($spec_name) && !empty($spec_name)) {
        foreach ($spec_name as $key => $name) {
            if (!empty($name) && isset($spec_price[$key]) && !empty($spec_price[$key])) {
                $spec_price_value = isset($spec_price[$key]) && is_numeric($spec_price[$key]) ? (float)$spec_price[$key] : 0;
                $spec_moq_value = isset($spec_moq[$key]) && is_numeric($spec_moq[$key]) ? (int)$spec_moq[$key] : 1;
                $spec_code_value = isset($spec_code[$key]) ? mysqli_real_escape_string($conn, $spec_code[$key]) : '';
                $spec_sort_value = isset($spec_sort[$key]) && is_numeric($spec_sort[$key]) ? (int)$spec_sort[$key] : 0;
                $spec_value_value = isset($spec_value[$key]) ? mysqli_real_escape_string($conn, $spec_value[$key]) : '';
                
                $sql = "INSERT INTO product_specifications 
                        (product_id, spec_name, spec_value, price, min_order_quantity, spec_code, addtime, sort_order) 
                        VALUES (
                            " . (int)$id . ", 
                            '" . mysqli_real_escape_string($conn, $name) . "', 
                            '" . $spec_value_value . "', 
                            " . $spec_price_value . ", 
                            " . $spec_moq_value . ", 
                            '" . $spec_code_value . "', 
                            NOW(), 
                            " . $spec_sort_value . "
                        )";
                mysqli_query($conn, $sql);
            }
        }
    }
}

// Redirect after save
mysqli_close($conn);
header("Location: " . $redirect_url);
exit();